Trying to break into CyberSec, yet no one wants to hire entry level

2

Comments

  • Danielm7Danielm7 Member Posts: 2,310 ■■■■■■■■□□
    Shane2 wrote: »
    I have hands on experience in cybersecurity. Any decent System Administrator will work in a few of the 8 domains.
    Very true, I went from systems to security, tons of transferable skills.
  • Scan For SecurityScan For Security Registered Users Posts: 2 ■□□□□□□□□□
    The main problem is that everybody think if they have certification that's it :) Actually no, first of all you need to have some kind of experience and no just "working in the domain of ... bla bla" but real hands on experience. Coding, Win/Linux administration, networking and of course hacking (at least mobile / web applications on start).

    The best thing here will be not only run blog, but for example participate in bug bounty projects (hackerone, OpenBugBounty), code some stuff and share it via GitHub, take part with such platforms like cybrary, do tests, write stuff.
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    johndoee wrote: »
    The point was everyone has a (minimal) secret clearance that's in IT in DC. icon_lol.gif . You need to bring something else to the table besides for that...actually a lot of people have higher clearances. That goes to the point of stepping your cc's up. Although easier said than done. But good luck anyway icon_cool.gificon_rolleyes.gif

    I know you were not bragging about a secret clearance. I know thaticon_twisted.gif

    Minimal clearance is Public Trust. I have been working on skills and certifications to “bring something else to the table”. Nowhere in my post does it say I am relying on my clearance.

    In fact, I am asking for suggestions on making myself more marketable. Your suggestion is “make yourself more marketable”. You are the exact type of person that gives IT folks a bad name. Unwilling to help, and only negative and condescending.
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    The main problem is that everybody think if they have certification that's it :) Actually no, first of all you need to have some kind of experience and no just "working in the domain of ... bla bla" but real hands on experience. Coding, Win/Linux administration, networking and of course hacking (at least mobile / web applications on start).

    The best thing here will be not only run blog, but for example participate in bug bounty projects (hackerone, OpenBugBounty), code some stuff and share it via GitHub, take part with such platforms like cybrary, do tests, write stuff.

    I don’t think having a cert is everything. The only reason I am getting the cert is to get past the filters.
  • jeremywatts2005jeremywatts2005 Member Posts: 347 ■■■■□□□□□□
    Dude here is a suggestion. Why not focus toward the Incident Response/Monitoring side of Security. Many of your skills fit in that arena. You are in DC and SOC guys are desperately needed. Look for SOC jobs and tailor your resume that way. Your helpdesk experience should help you in a role for monitoring in a SOC at the very least.
  • mmcabemmcabe Member Posts: 58 ■■□□□□□□□□
    @Shane2, I think your time is better spent getting very specific hands-on experience. I don't know what your office is like, but can you ask the firewall admins if they need help? If they won't let you touch the firewalls, ask if they need help with documentation. Get involved with backup restores and disaster recovery planning and implementation, user rights and permissions reviews, inventory updates, etc. No one has time to implement all of that the way they should. Worm your way into that department; I guarantee they are overworked and need assistance, but they need to trust you know what you're doing. That may take awhile.

    If you're locked into your role at work, go build that linux network I mentioned earlier. You can build and configure any security tool imaginable for free once you get that set up. Subscribe to CERT alerts and check in with the Qualys site regularly so you can stay on top of real-world events. Check a few servers with SSLLabs and you will learn more about certificates than any book will teach you.

    A couple years from now, both you and the paper CISSP will be in front of the hiring manager, and you know who he'll pick in the end.
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    Dude here is a suggestion. Why not focus toward the Incident Response/Monitoring side of Security. Many of your skills fit in that arena. You are in DC and SOC guys are desperately needed. Look for SOC jobs and tailor your resume that way. Your helpdesk experience should help you in a role for monitoring in a SOC at the very least.

    Just got a contact about an incident response position this morning. I still need to revamp my resume, but I’m hoping I get a call back.
  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    mmcabe wrote: »
    @Shane2, I think your time is better spent getting very specific hands-on experience. I don't know what your office is like, but can you ask the firewall admins if they need help? If they won't let you touch the firewalls, ask if they need help with documentation. Get involved with backup restores and disaster recovery planning and implementation, user rights and permissions reviews, inventory updates, etc. No one has time to implement all of that the way they should. Worm your way into that department; I guarantee they are overworked and need assistance, but they need to trust you know what you're doing. That may take awhile.

    If you're locked into your role at work, go build that linux network I mentioned earlier. You can build and configure any security tool imaginable for free once you get that set up. Subscribe to CERT alerts and check in with the Qualys site regularly so you can stay on top of real-world events. Check a few servers with SSLLabs and you will learn more about certificates than any book will teach you.

    A couple years from now, both you and the paper CISSP will be in front of the hiring manager, and you know who he'll pick in the end.

    This is probably what I will do. I have VM workstation, and I use that as a pentesting lab, I’m a beginner, but I’m willing to “Try Harder”. My plan is to set up another vm lab and blog my experience. I’m going to start writing my first blog this weekend, which will be a review of the CCNA Cyber Ops.
  • tripleatriplea Member Posts: 190 ■■■■□□□□□□
    Its kinds the same position in the UK

    Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

    I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

    Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

    No one wants to give the people trying to get in a chance to build. Employers are as much to blame!
  • NavyMooseCCNANavyMooseCCNA Member Posts: 544 ■■■■□□□□□□
    triplea wrote: »
    Its kinds the same position in the UK

    Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

    I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

    Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

    No one wants to give the people trying to get in a chance to build. Employers are as much to blame!
    Completely agree.

    'My dear you are ugly, but tomorrow I shall be sober and you will still be ugly' Winston Churchil

  • Shane2Shane2 Member Posts: 65 ■■■□□□□□□□
    triplea wrote: »
    Its kinds the same position in the UK

    Plenty of companies want someone but 99% of them all want someone who has experience. Some of these have been up for MONTHS.

    I started looking at the beginning of the year ( they did actually want someone with 2nd/3rd line and an interest in security ) and got down to the last 2. If I would have got the job then the title change would really of been all I needed forever I feel )

    Ive been a SA for 17 years now over a couple of companies and also hold the SEC+ and SSCP, have included on CV as much to do with security as poss, but apparently not enough as the job title doesn't say SECURITY.

    No one wants to give the people trying to get in a chance to build. Employers are as much to blame!

    Sad to hear it is the same across the pond. Here you hear about a extreme lack of candidates, yet there is a real unwillingness to hire and train even experienced IT professionals.

    If there is a lack of professionals, and you refuse to hire anyone without direct experience, that gap will never close.

    It makes no sense.

    Good luck on the hunt, bud!
  • TeKniquesTeKniques Member Posts: 1,262 ■■■■□□□□□□
    I think that some people get too caught up on outlining their technical skills on the resume rather than accomplishments. If you want to separate yourself from the competition, experience or not, you need to show the employer what you bring to the table that the rest do not. Simply outlining that you know x, y, z and have this-and-that certification are not enough imo. If you're applying for a security position, outline what you've accomplished in security for your current or past employers - you set up a firewall? Great, every other applicant can do the same thing ...

    You also need to sell yourself in an interview once you get it ... so don't overlook the soft skills!
  • SyntaxSyntax Member Posts: 61 ■■■□□□□□□□
    Shane2 wrote: »
    Sad to hear it is the same across the pond. Here you hear about a extreme lack of candidates, yet there is a real unwillingness to hire and train even experienced IT professionals.

    If there is a lack of professionals, and you refuse to hire anyone without direct experience, that gap will never close.

    It makes no sense.

    Good luck on the hunt, bud!

    I've been trying to sell myself by describing the CCNA Cyber Ops certification... I really wish that Cisco would re-brand that certification as something other than CCNA. When people hear CCNA they think just networking and working with Cisco gear when the exam has almost nothing to do with that. I argue that the training provided is most relevant to actual security analyst positions out there.
  • SyntaxSyntax Member Posts: 61 ■■■□□□□□□□
    TeKniques wrote: »
    I think that some people get too caught up on outlining their technical skills on the resume rather than accomplishments. If you want to separate yourself from the competition, experience or not, you need to show the employer what you bring to the table that the rest do not. Simply outlining that you know x, y, z and have this-and-that certification are not enough imo. If you're applying for a security position, outline what you've accomplished in security for your current or past employers - you set up a firewall? Great, every other applicant can do the same thing ...

    You also need to sell yourself in an interview once you get it ... so don't overlook the soft skills!

    It depends... I think some places seem to only care about what you know and if you can work with their technologies. It depends on the role that you're going for. If the roles are highly technical, they mostly care that you have experience with 'X'. The soft skills and such are nice to have but when they're screening candidates they're looking for the technical stuff more than anything. If the position is less technical and more on the policy side of things the soft skills matter more since they expect you to interact with people, senior management, etc.
  • josephandrejosephandre Member Posts: 315 ■■■■□□□□□□
    Shane2 wrote: »
    Minimal clearance is Public Trust. I have been working on skills and certifications to “bring something else to the table”. Nowhere in my post does it say I am relying on my clearance.

    In fact, I am asking for suggestions on making myself more marketable. Your suggestion is “make yourself more marketable”. You are the exact type of person that gives IT folks a bad name. Unwilling to help, and only negative and condescending.

    Guys a clown. Ignore him.

    You’ll find something you just need to be aggressive in your search
  • 518518 Member Posts: 165 ■■■□□□□□□□
    anyone here with TS and CISSP and wants to start a career in cybersec, we have a position available overseas. the first $102k salary is tax free...message me.
  • infosecsinfosecs Member Posts: 48 ■■□□□□□□□□
    I can confirmn what OP mentioned. It is very difficult to get a job unless one has worked on exactly the same tools and technologies that the employers are asking for. No one wants to see how much potential you have, how much you are willing to learn or how much you know. They are only looking for knowledge and hands on experience in specific segments of infosec. Preference is given to already trained employees of competitors so there goes the shortage of cyber security skills shortage BS.
  • anthonxanthonx Member Posts: 109 ■■■□□□□□□□
    I've been hearing a lot about there are no entry level jobs for cyber security and I came across this job posting. It seems like some companies are hiring entry level after all. The job looks like its really entry level, like 50% of your time spent training...

    [FONT=&quot]Entry-level Cyber Security Analysts (recent graduates)[/FONT]
    [FONT=&quot]Bank of Canada40 reviews - Ottawa, ON[/FONT]
    AnthonX
  • TechGromitTechGromit Member Posts: 2,156 ■■■■■■■■■□
    Shane2 wrote: »
    ... and hold a Secret Clearance. I'm having a hard time finding a new position...

    Wow this is a surprise to me, I thought anyone with a secret or higher security clearance and a pulse was pretty much ensured a job somewhere.
    Still searching for the corner in a round room.
  • infosecsinfosecs Member Posts: 48 ■■□□□□□□□□
    anthonx wrote: »
    I've been hearing a lot about there are no entry level jobs for cyber security and I came across this job posting. It seems like some companies are hiring entry level after all. The job looks like its really entry level, like 50% of your time spent training...

    [FONT=&amp]Entry-level Cyber Security Analysts (recent graduates)[/FONT]
    [FONT=&amp]Bank of Canada40 reviews - Ottawa, ON[/FONT]
    You are making the classic mistake, the one that took me almost two months to figure out the hard way.
    Check # 4 in first post of my thread - http://www.techexams.net/forums/jobs-degrees/133184-my-cyber-security-job-search-experience-so-far-wish-i-had-known-earlier.html
    and the last post.
    What we see is the truth, NOT the whole truth. Fresh graduates are being hired by banks, canadian tire, ibm, fire eye and others. Those with 7+ years of specific experience with specific tools are in great demand.
    What we are not being told is
    a. The ones with some experience need not waste their time
    b. Those trying to break in from other Fields like Networking, IT Admin need not apply.
    c. Those that are willing to learn cybersecurity need not apply.
  • anthonxanthonx Member Posts: 109 ■■■□□□□□□□
    infosecs wrote: »
    You are making the classic mistake, the one that took me almost two months to figure out the hard way.
    Check # 4 in first post of my thread - http://www.techexams.net/forums/jobs-degrees/133184-my-cyber-security-job-search-experience-so-far-wish-i-had-known-earlier.html
    and the last post.
    What we see is the truth, NOT the whole truth. Fresh graduates are being hired by banks, canadian tire, ibm, fire eye and others. Those with 7+ years of specific experience with specific tools are in great demand.
    What we are not being told is
    a. The ones with some experience need not waste their time
    b. Those trying to break in from other Fields like Networking, IT Admin need not apply.
    c. Those that are willing to learn cybersecurity need not apply.

    What a coincidence... You are the last one to post on this thread and also from Toronto... I don't want to create a new thread so I just continued in this old post. So any luck with your cyber security job search?
    AnthonX
  • infosecsinfosecs Member Posts: 48 ■■□□□□□□□□
    anthonx wrote: »
    So any luck with your cyber security job search?
    Not yet, quite a few interviews but nothing has materialized.
    I will now focus on smaller organizations and ignore Banks completely. Waste of time.
    Saw lots more jobs geared towards Fresh graduates. I am pretty sure that "International students" are the new "outsourcing" boom in GTA. The huge influx of students has suddenly become very attractive option for employers to exploit who are grabbing them for peanuts. People with 1 to 4 years experience are being left on the side.
  • aderonaderon Member Posts: 404 ■■■■□□□□□□
    jt2929 wrote: »
    How do you have CISSP with no security experience? Same with the OP, why go after a cert that requires 5 (or4) years of relevant experience if you don't have it?

    The CISSP experience requirements are extremely easy to hit and almost any job in IT would likely qualify you if you have at least 5 years. Some of the domains ask for things like "Understanding and use of CIA triad" or something to that effect. I don't think I've ever had an IT job that hasn't touched that in some respect.
    2019 Certification/Degree Goals: AWS CSA Renewal (In Progress), M.S. Cybersecurity (In Progress), CCNA R&S Renewal (Not Started)
  • cowillcowill Member Posts: 93 ■■□□□□□□□□
    Sounds like you are having resume/soft skill related issues or not applying for the right jobs.

    A clearance, 3 years as a sys ad is more than enough to break through in CS. Especially in the Dc area. I know people with NO IT exp that jump into CS with less.
  • anthonxanthonx Member Posts: 109 ■■■□□□□□□□
    cowill wrote: »
    Sounds like you are having resume/soft skill related issues or not applying for the right jobs.

    A clearance, 3 years as a sys ad is more than enough to break through in CS. Especially in the Dc area. I know people with NO IT exp that jump into CS with less.

    TS is from Toronto, Canada. The US government doesn't give clearances for non-US citizens. Maybe, someone in here can share if there are any exceptions.
    AnthonX
  • cowillcowill Member Posts: 93 ■■□□□□□□□□
    anthonx wrote: »
    TS is from Toronto, Canada. The US government doesn't give clearances for non-US citizens. Maybe, someone in here can share if there are any exceptions.

    Im not sure we are reading the same thread. Please review.
  • cowillcowill Member Posts: 93 ■■□□□□□□□□
    Danielm7 wrote: »
    You have clearance, some experience and are in DC, maybe it's your resume?

    I was thinking the same.....
  • anthonxanthonx Member Posts: 109 ■■■□□□□□□□
    cowill wrote: »
    Im not sure we are reading the same thread. Please review.

    Yeah, I got things mixed up. Apologies.
    AnthonX
  • KapitalKapital Member Posts: 33 ■■□□□□□□□□
    anthonx wrote: »
    Yeah, I got things mixed up. Apologies.
    have you tried for the soul killing, graveyard shift SOC Level 1 jobs at the MSP? No one wants these jobs anyways but can get your foot in the door.
  • Z0sickxZ0sickx Member Posts: 180 ■■■□□□□□□□
    i've done ACAS on both sides of the house...feel free to ask for pointers in a PM
Sign In or Register to comment.